Friday, October 3, 2008

Dutch researcher claims e-passport hack

A Dutch researcher has published code that purports to emulate and clone e-passports, and has released a video to prove it works.

A Dutch researcher has published code that purports to emulate and clone e-passports, and has released a video to prove it works. The researcher claims the proof-of-concept video, posted this week to The Hackers Choice website, shows an e-passport self-reader at Schiphol airport in Amsterdam accepting a passport and chip with fake details — those of Elvis Presley — with no alarm apparently being raised.

The hacker, who goes by the name 'vonJeek', also published emulation code for use with a blank JCOP v4.1 72k smartcard. Once the code is uploaded to the card, the chip can be cloned using a customised version of Adam Laurie's RFIDIOT tool, the researcher claimed.

"Regardless how good the intention of the government might have been, the facts are that tested implementations of the e-passports inspection system are not secure," wrote vonJeek on The Hacker's Choice website. "E-passports give us a false sense of security: We are made to believe that they make use more secure. I'm afraid that's not true: current e-passport implementations don't add security at all."

The UK Identity and Passport Service said UK passports remained secure. A spokesperson said: "We take security and privacy very seriously, which is why the British biometric passport meets international standards as set out by International Civil Aviation Organisation and we remain confident that it is one of the most secure passports available."

Please refer here to read full details.

As we all are aware that Australia launched ePassports back in 2005 and they claimed it to be the most secure passport ever. After reading this post, is Australian ePassport and other countries ePassport still the most secure passport ever as they claimed or this will change soon?

No comments: